When I read the Harvard Business Review article by Marc van Zadelhoff in 2016, I took a look at our small company and found a number of, call it, “best practices” to think about for our cybersecurity. This, along with trying to gain more revenue, serve our customers and simply grow the business. We found we were doing well but could do better. Our president made this a priority. Not all companies do.
The points made over two years ago are even more relevant today – namely that “trusted internal systems” and a selected few people threaten security by what they do every day. What was true in 2016 is even more relevant today. I remember the best advice was: “Don’t forget the basics.”
I recently reviewed IBM’s 2019 X-Force Threat Intelligence and found nuggets of grueling reality – finance/insurance represent 19% of attacks, hardware vulnerabilities now allow deep attacks against protected memory and 40% of spam comes from China. What caught my eye though was another one: nearly one-third of attacks analyzed by X-Force IRIS involved compromises via phishing emails. Emails.
Emails as a threat. What?
Now. What do people do at work every day, all day? They use applications to do tasks, have meetings, and communicate. Often via email. Huh.
I looked at my email accounts – I have six of them for various reasons. I thought about the security of what I was sending for files and to whom I was sending it. Then, I started looking at all the emails I received from different people, world regions, and across many verticals. Is there a threat? Honest answer: I guess so.
I am embarrassed to admit I recently got phished by a very clever and timely email. A website I manage was nearing expiration and lo and behold, the email showed up to solve that problem. The timeliness was super. I fell for it, sent my credit card info and voila! Phished. Email.
Back to the future. Back to basics.
Doesn’t 2016 seem so far away? Wasn’t life simpler back then for cyber defense? No, it is just starting.
There’s no moral here; just a short post and reminder: Get back to basics and understand that the greatest threat in cybersecurity is within our own companies. Oh, one more thing. Check out how emails are managed.